newexperimental on radius

Si St sigbj-st at operamail.com
Mon Apr 14 12:49:47 CEST 2008


-ASUS laptop (SuSE 10 and WinXP), HP laptop (Win-Vista only), ACER laptop (WinXP only), HPC workstation (SLED Novell-SuSE and WinXP).
-Dlink DIR-635 router
-Zyxel Prestige 600 ADSL modem
-FreeRADIUS Version 1.0.4

Q: Could anybody tell me what kind of password is to be set on the router configuration to enable RADIUS setup?
The router states that the password has to correspond with the password in the radius, but which one and how?
It is boxed as "RADIUS-Server Shared Secret"
What file does it correspond with? The secret in clients.conf?
And what password is YaST asking for when configuring the network card with WPA-EAP? The same password or another?
YaST asks for 1) Identity, 2) Password, 3) Client certificate and 4) Server certificate.

It is numbers 1 and 2 I am wondering about.

I have tried to read carefully about RADIUS in the documentation in SuSE and on the web.
I have also tried running CA.pl and CA.all for certificates for web and RADIUS EAP-TLS. So far it is just practice and tryouts for me.
I have several PCs at home with SuSE_10.0, SuSE_Linux_Enterprise_Desktop_SP1, WinXP and WinVista. I would like to try out RADIUS for Internet connections.
Q: Is it difficult to make EAP-TLS work with Windows, and should I use EAP-TTLS or PEAP instead?

I am eager to have these things work in the end, but I am trying to approach it carefully, step by step. I have so far changed as little as possible in the config files, as I am told to. Altogether I am understanding more and more, so as to be able to finally make the setup.


Router config management
Authentication timeout : (minutes)
RADIUS-Server IP address :
RADIUS-Server Port :
RADIUS-Server Shared Secret :
MAC address authentication :

RADIUS-Server Shared Secret:  A passphrase which must match the one on the authentication server.

radiusd -v
radiusd: FreeRADIUS Version 1.0.4, for host , built on Sep 13 2005 at 02:15:36


radiusd -X:

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib/freeradius"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.

I have also tried out: 
/usr/sbin/radexample
/usr/sbin/radlogin
/usr/bin/radclient
/usr/bin/radtest

and find that all together I must be on the right track.

RADEXAMPLE
login: sigbj
Password:
"sigbj" RADIUS Authentication OK

RADLOGIN
($Id: radlogin.c,v 1.3 1997/12/29 23:07:25 lf Exp $)
-----------------------------------------------------
Linux 2.6.13-15.18-default (linux) (port 1)
-----------------------------------------------------

login: sigbj
Password:
RADIUS: Authentication OK
Starting.
RADIUS_FRAMED_COMPRESSION = Van-Jacobson-TCP-IP
RADIUS_FRAMED_PROTOCOL = PPP
RADIUS_FRAMED_MTU = 1500
RADIUS_FILTER_ID = std.ppp
RADIUS_USER_NAME = sigbj
RADIUS_FRAMED_IP_ADDRESS = 192.168.0.198
RADIUS_SERVICE_TYPE = Framed-User
RADIUS_FRAMED_ROUTING = Broadcast-Listen
RADIUS_FRAMED_IP_NETMASK = 255.255.255.0
Unhandled Service-Type

RADCLIENT
radclient -f radius.test 127.0.0.1:1812 auth testing123
Received response ID 95, code 3, length = 20
Received response ID 96, code 3, length = 20
Received response ID 97, code 3, length = 20

RADTEST
radtest sigbj testing 127.0.0.1:1812 1 testing123
Sending Access-Request of id 151 to 127.0.0.1:1812
        User-Name = "sigbj"
        User-Password = "testing"
        NAS-IP-Address = linux
        NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=151, length=71
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.0.198
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = Broadcast-Listen
        Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
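
How a RADIUS shared secret is used on the wire, as an added example that is not part of the original post: the NAS (here the router) and the server each hold a copy (in FreeRADIUS, the per-client secret in clients.conf), and RFC 2865 uses it to hide User-Password and to authenticate the reply. The values testing123, testing and id 151 are taken from the radtest run above; the request authenticator and "wrong-secret" are constructed.

```python
import hashlib
import hmac
import struct

def _keystream_xor(data, secret, authenticator, chain_on_output):
    """XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        out += block
        prev = block if chain_on_output else data[i:i + 16]
    return out

def hide_password(password, secret, authenticator):
    """NAS side (RFC 2865, 5.2): NUL-pad to a multiple of 16, then hide."""
    size = max(16, -(-len(password) // 16) * 16)
    return _keystream_xor(password.ljust(size, b"\x00"), secret, authenticator, True)

def reveal_password(hidden, secret, authenticator):
    """Server side: undo the hiding with its own copy of the secret."""
    return _keystream_xor(hidden, secret, authenticator, False).rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def demo():
    server_secret = b"testing123"    # server's copy (value from the radtest run)
    request_auth = bytes(range(16))  # constructed; a real NAS sends random bytes
    results = {}
    for nas_secret in (b"testing123", b"wrong-secret"):  # 2nd value constructed
        hidden = hide_password(b"testing", nas_secret, request_auth)
        seen = reveal_password(hidden, server_secret, request_auth)
        # Access-Accept (code 2) for id 151, attributes left out for brevity
        reply = response_authenticator(2, 151, b"", request_auth, server_secret)
        expected = response_authenticator(2, 151, b"", request_auth, nas_secret)
        results[nas_secret] = (seen == b"testing",
                               hmac.compare_digest(reply, expected))
    return results

if __name__ == "__main__":
    for secret, (password_ok, reply_ok) in demo().items():
        print(secret, "password recovered:", password_ok, "reply verified:", reply_ok)
```

With a mismatched secret the server decodes garbage instead of the password and the NAS cannot verify the reply, so the two sides must be configured with the same string.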

